Is Vivaldi now completely free from any contact with google when Third Party Services are disabled?
-
First of all, let me say that I was pleasantly surprised when I saw about a couple of months ago that Jon & friends were developing a new browser. After more than a decade of using Opera as my main browser, after 12.16 I switched to ff. I sent Mozilla a long list of user interface improvements that they could make to bring it up to the level of Opera. I did receive a thanks, but have not seen the improvements show up. Would you believe that I am still using Opera 12.17 to manage my bookmarks? This functionality is so unwieldy in other browsers. So when I come across something important that I want to add to my core bookmarks, I fire up Opera and put it in the right place in my bookmark hierarchy! Once in a while I export this bookmark file to my other browsers. Years ago, before google liberalized and cross-producted its spying policy, I used to have a gmail account. Some time after activating google talk to try it out, I found this thing called googleupdate which was installed on my machine, and silently updating itself in the background, previously unknown to me. Needless to say I pulled that weed out by the roots, and shortly afterwards shut down my gmail account. I am cautious about having any google related software on my machine (eg. no chrome), and would want to know 100% that there is not something inside vivaldi chromium which is contacting google, for anything. After seeing that Vivaldi is based on Chromium, I decided to install it first on an otherwise unused XP guinea pig machine. I considered whether this should be posted in Privacy and Security, but it affects all use of Vivaldi, not just those especially seeking privacy and security. There were some discussions about this in March 2015: https://vivaldi.net/en-US/forum/vivaldi-browser/2228-1-0-118-19-is-still-a-surveillance-tool and in May 2015: https://vivaldi.net/en-US/forum/vivaldi-browser/979-vivaldi-and-google-tracking?start=60#27299 but it was not clear if this has meanwhile been taken care of. When I open a tab and enter: vivaldi://net-internals/#dns after starting vivaldi with only one tab with the speed dial, I see the following hostnames: ajax.googleapis.com google-analytics.com googletagservices.com I do not want my browser to make any contact with google on its own, not for updates, not for search, not for dns, not for analytics,... ? If this has not been fixed yet, [when] will it be? Now if we can get this cleared up, I can install vivaldi and bring it into daily use. Thank you in advance.
-
yes, that's what I meant in the subject line "when third party services are disabled"
-
You may want to disable remote password management on the vivaldi://flags page so you don't wind up putting your passwords on Google:
Enable remote password management link Mac, Windows, Linux, Chrome OS, Android
Show a link in the password manager settings page to manage your synced passwords online. #enable-password-link
[ Default ]
[ Enabled ]
[ [b]Disabled ] -
Thanks for pointing that out.
I think that vivaldi should ship with that disabled.And how about this one:
Use Chrome sync sandbox.
Connects to the testing server for Chrome Sync.Could that be a google server?
-
It looks like the Chrome sync sandbox is Disabled by default so you can leave it alone but keep an eye on it.
You should be aware that vivaldi://sync is a valid and working internal page and there are more flags/Experiments that may or may not be working – yet.
Use Google Payments sandbox servers Mac, Windows, Linux, Chrome OS, Android
For developers: use the sandbox service for Google Payments API calls for requestAutocomplete().
#wallet-service-use-sandbox
[ Default ]
[ Enabled ]
[ [b]Disabled ]Enable Google Payments card saving checkbox Mac, Windows, Linux, Chrome OS, Android
Show the checkbox to offer local saving of a credit card downloaded from the server.
#enable-offer-store-unmasked-wallet-cards
[ Default ]
[ Enabled ]
[ [b]Disabled ]Drop sync credentials from password manager. Mac, Windows, Linux, Chrome OS, Android
If enabled, the password manager will not offer to save the credential used to sync.
#enable-drop-sync-credential
[ Default ]
[ [b]Enabled ]
[ Disabled ]Autofill sync credential Mac, Windows, Linux, Chrome OS, Android
How the password manager handles autofill for the sync credential.
#autofill-sync-credential
[ Default ]
[ Allow ]
[ Disallow for reauth ]
[ [b]Disallow ]Enable Push API background mode Mac, Windows, Linux
Enable background mode for the Push API. This allows Chrome to continue running after the last window is closed, and to launch at OS startup, if the Push API needs it.
#enable-push-api-background-mode
[ Default ]
[ Enabled ]
[ [b]Disabled ]Have fun looking through the list. If something breaks, use the "Reset all to default" button at the top of the page.
-
Ike! Yes, I would like to have all of that disabled by default.
Just over the past few hours, having left my test setup of vivaldi open, and with no web pages open, only a few of these internal display pages, I see that vivaldi has contacted :
clients2.google.com
clients3.google.comas well as a few other addresses such as:
mxr.mozilla.org
publicsuffix.organd then a few seemingly random targets such as:
drqtjxvrnvdzv
zmfqgvv -
… and then a few seemingly random targets such as:
drqtjxvrnvdzv
zmfqgvvThose are just the Trojan Horse, don't worry about them. :dry: :whistle:
-
Yes, those random trojans are peculiar, aren't they?
They differ from session to session, and the present ones I am seeing today all give error 105, ERR_NAME_NOT_RESOLVEDBut the ones that I am still most concerned about look like clients2.google.com, which is 173.194.113.x where x ranges from 0 through 9 and also 14
Vivaldi accesses this hostname even when no web page is open
(even after all of the settings suggestions above have been implemented)Could one of the Vivaldi developers tell us how to stop this, or what/when the plan is to fix Vivaldi so that it does not access these servers, unauthorized by the user?
-
Joss,
Do you have any Google items in your SpeedDial/Bookmarks? Vivaldi will update/replace old thumbnails with new ones.
Are you sure it is Vivaldi making the connection and not one of the Google Update programs or the Service? Once Google Update gets into your system, getting rid of it is like trying to use a Nylon brush to clean Styrofoam beads off of a sheet of plastic.
-
No google items in speeddial nor bookmarks.
No googleupdate. Used steel brush.
?
-
If you got rid of all of the Google programs and the Updater, something may have been left turned on in Vivaldi. Is there any data being transferred?
I could be totally and disastrously wrong but Vivaldi is not likely to be configured correctly to use Google's servers/services so I can only imagine what the conversation would be like between Google and Vivaldi.
Vivaldi: Hi there!
Google: Who are you?
Vivaldi: It is I, Vivaldi!
Google: What can I do for you, Vivaldi?
Vivaldi: I don't know, I'm just doing my job!
Google:Thank you for calling!
Vivaldi: Bye!
(repeat) -
after starting vivaldi with only one tab with the speed dial, I see the following hostnames:
ajax.googleapis.com
google-analytics.com
googletagservices.comas well as a few other addresses such as:
mxr.mozilla.org
publicsuffix.orgNone of these connections show up here. Maybe coming from a web panel?
https://vivaldi.net/en-US/forum/vivaldi-browser/2228-1-0-118-19-is-still-a-surveillance-tool#19162
https://vivaldi.net/en-US/forum/vivaldi-browser/7193-why-does-vivaldi-connect-to-these-ips-on-startup?start=20#41398and then a few seemingly random targets such as:
drqtjxvrnvdzv
zmfqgvvThose were explained by Google itself, it checks if your internet provider changes 502s to websites.
Flags
All the flags you pointed are useless if you have not synced Vivaldi with Google:Enable remote password management link
Show a link in the password manager settings page to manage your synced passwords online. #enable-password-link- This flag just shows a link to click and manage you passwords online if you have synced Vivaldi with Google. Just a link, nothing more.
Use Google Payments sandbox servers
For developers: use the sandbox service for Google Payments API calls for requestAutocomplete().- For developers to use the sandbox service when calling requestAutocomplete() in their extensions, just for debugging extension creation.
Enable Google Payments card saving checkbox
Show the checkbox to offer local saving of a credit card downloaded from the server.- Just shows a checkbox to keep saved credit card info in the PC. Nothing more, just the display of the checkbox.
Drop sync credentials from password manager.
If enabled, the password manager will not offer to save the credential used to sync.- If you have Vivaldi synced with Google, this flag will show a dialogue offering to save the passwords in your Google account. Just the dialogue, nothing more.
Autofill sync credential
How the password manager handles autofill for the sync credential.- This one I don't know what it does, but clearly requires Vivaldi to be synced with Google.
Enable Push API background mode
Enable background mode for the Push API. This allows Chrome to continue running after the last window is closed, and to launch at OS startup, if the Push API needs it.- Read Vivaldi where it reads Chrome. The Push API will also work in the background. Vivaldi won't close completely and may run at OS startup. Not connection related.
Use Chrome sync sandbox.
Connects to the testing server for Chrome Sync- Internal flag for Chromium developers, when setting up a sync with the browser it will use their testing servers. But only if you are setting up sync.
-
and then a few seemingly random targets such as:
drqtjxvrnvdzv
zmfqgvvThose were explained by Google itself, it checks if your internet provider changes 502s to websites.
That's some good information right there.
Flags
All the flags you pointed are useless if you have not synced Vivaldi with Google:Enable remote password management link
Show a link in the password manager settings page to manage your synced passwords online. #enable-password-link- This flag just shows a link to click and manage you passwords online if you have synced Vivaldi with Google. Just a link, nothing more.
(big snip)
They're not useless and you don't need to sync with Google, although it works fairly smoothly if you have an account and you're logged on in Vivaldi.. If you click on the link, the remote password management Experiment wants to take you straight to a page with all of your passwords and offer to store them. It is not just a link, Disable it. And the same goes for the other flags/Experiments with just links that may or may not be working or even configured.
-
What is a web panel?
-
What is a web panel?
Web Panels are web page s(usually designed for mobiles) that you can add to your side panels. Google Translate is handy, but almost any page can be added.
-
What is a web panel?
If you click the "+" sign on the panels bar (the bar where you can access bookmarks, downloads or notes) if offers to save the page you are on as a persistent web panel, with which you can interact at the same time as you are browsing another regular page. Many of the panels are saved as the "mobile" version of the page, which is more compatible with the tall narrow format of a panel than a regular web page.
-
Thanks.
In that case I can report that I have not added any web panels. The only things there are Bookmarks, Mail, downloads and notes.The only thing that I have added to Vivaldi thus far is disconnect. Disconnect is is supposed to prevent unintended data communication with, among others, google. And yes, disconnect.me and services.disconnect.me do show up on vivaldi://net-internals/#dns
That is not what I posed the question about.clients2.google.com and clients3.google.com still also show up on that list.
The only tabs that I have opened in this browsing session are vivaldi://net-internals/#dns, vivaldi://flags and vivaldi://sync
and yet google servers are accessed twice. -
-
Perhaps you're not familiar with the code base (thanks for your efforts all the same), but maybe one of the developers of Vivaldi who is could chime in here and illuminate things further for us.
I think it is quite likely that I am not the only one who would like to know more about this topic before deploying Vivaldi in daily use.
-
@joss
Disable Disconnect and see if any connection is done to these:
ajax.googleapis.com
google-analytics.com
googletagservices.comBecause I've been logging Vivaldi connections for months and never saw those on start or on long time executing. The only ones I tracked were the ones I told on the threads I linked.
And there's a bug report about those connections.
If you click on the link
You don't click -> Nothing happens
Anyway, it doesn't matter, it's your choice.